Each IP address can only be configured with one certificate. For the example above:

abc.com=192.168.100.1

xyz.com=192.168.100.2

In step 2, the “common name” must refer to the domain name of the web site. If a different name is given, you’ll get a certificate error message like the following: “Certificate belongs to a different site, which could indicate an identity theft”.

I’m afraid that’s not possible. HTTPS traffic is encrypted (including all HTTP headers), the front-end server in your example will not know which internal server to forward the traffic to. This is the reason why I said “each IP address can only have one certificate”.